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5.6 CENTRALIZED KEY DISTRIBUTION 

In order that any two users perform the encryption of a message 
using the symmetric encryption on the network consisting of a plurality 
of users, a symmetric key for only themselves should be previously 
shared. A new session key should be distributed every session between 
chem based on this symmetric key which serves as a key-encryption key. 
In a network in which n users are present, all us.ers should hold and 
manage n-1 symmetric keys which are different from each other. In 
addition, as a new user subscribes to the network, all existing users 
should newly prepare a symmetric key which will be shared with new the 
user. However, this scheme is very inefficient and is almost impossible 
to realize it in a large network. In a system using the public key 
encryption, this problem will naturally be solved, and also when the 
symmetric encryption is used, this problem will be solved through a 
centralized key server. In this scheme, all users share previously a 
symmetric key in common with the key server, and are' connected with the 
key server by online, so that the session key which are required 
between two users is distributed with the aid of the key server to the 
users , 

This chapter introduces the concept of a key distribution center as a 
centralized key server and a key translation center. These two key servers 
play the role of aiding the distribution of the common session key based on 
the symmetric encryption every session between the client and application 
server. In addition, it is also introduced the concept of a public key 
certification authority and a certificate, which generate the public key of a 
public key encryption such as RSA and securely, reliably distribute it. 

5.6.1 KEY DISTRIBUTION CENTER 

The key distribution center(KDC) is a reliable key distribution server 
which previously shares a symmetric key being common to all users on the 
neLwork. The session key required to a certain cryptography between any two 
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users is distributed to the corresponding user through the key distribution 
center and the users perforin the cryptography through the distributed session 
key. in terms of the user, it is not necessary to share the symmetric key 
with all users on the network and it is good only if the symmetric key being 
common to the key distribution center is shared when entering to the network. 
The key distribution center securely distributes the session key which is 
used during the corresponding session by any two users based on the symmetric 
key which functions as a key-encryption key. 




Client 


] — 2 — * r£^n 


[Figure 5.11: key distribution center model] 

Figure 5. 11 shows a process that a client and a server share the 
session key which is common to each other via the key distribution center 
•CDC. In the left figure, if the client requests a session key which will be 
shared with the server from the KDC. the KDC generates the common session 
key. encrypts with the symmetric key which was previously agreed on among 
the client and the server and the KDC, and transmits it to the client and the 
server. Meanwhile, in the right figure, the KDC. requested to send a session 
key from the client, sends the encrypted key. which will be transmitted to 
the server, to the client and then the client, in place of the KDC, transmits 
ii to the server. Consequently, it can be said that the scheme of the right 
figure is more efficient than that of the left figure in view of reducing the 

work load of the KDC. 

The concept of the key distribution center is efficient in view of the 
distribution and management of the key. but it has the following drawbacks. 
First, since the symmetric keys of all subscribers are stored in the database 
of the key distribution center, it may be the subject of attack from the 
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attackers. Accordingly, in order to securely protect the key from not only an 
outside attacker but also an inside attacker, an additional security for the 
key distribution center is required. Second, if a problem occurs in the key 
distribution center, the mechanism related to the security of the whole 
network stops its operations. Of course, two or more key distribution 
centers, if it is constructed, may solve this problem. However, maintaining a 
database which the security management is required, means a significant 
increase is cost and complexity. Third, since the key is distributed to alt 
users through the key distribution center, a bottleneck phenomenon on the 
communication may occur in the key distribution center. 


Needham-Schroeder Protocol 

The protocol 5,12 shows a specific protocol in which a session key is 
distributed via the key distribution center to a client and a server. This 
protocol suggested by Needham and Schroeder partly contains a vulnerable 
point on the security. However, since most of protocols based on the concept 
of the key distribution center are modeling this protocol, it has been 
recognized as a very important protocol. The Needham-Schroeder protocol of 
the protocol 5.12 relates to the key distribution center model in right side 
of che figure 5.11. 


<& Client ~+ KDC : r u Cttertx, Server 

© Oiatr <- KDC : Server. ^ Ticket) 

<S CTffiir -v Server: Ticket. B^(r^ 

03 Ctieni *- Server: i^-l, r,> 

© Client Server: f^fo-l) 


(Protocol 5,12 : an example of Needham-Schroeder protocol] 


The Needham-Schroeder protocol is a session key distribution and mutual 
entity authentication protocol based on a symmetric type encryption wherein 
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key-encryption symmetric keys k r aa k, are previously shared between a client 
and a KDC, and a server and a KDC, respectively. In the step CD. the client 
requests the KDC to distribute a session key which will be shared with the 
server. Here, the random number n corresponds to the attempt for the one-way 
entity authentication made by the client to the KDC. In the step @. the KDC 
generates a session key k s which be shared by the client, and the server, 
encrypts it with a symmetric key k c which is previously agreed on between the 
client and the KDC. and returns it to the client. Here. Ticket= Ek v (k Sl 
Client) is used to allow the client in place of the KDC, to distribute the 
session key to the server, wherein it is encrypted by the key-encryption 
symmetric key k v which is previousJy agreed on between the KDC and the server. 
Since the session key is encrypted with the symmetric key which was 
previously agreed on between the KDC and the client, and the KDC and the 
server, the key authentication is ensured during this procedure. In addition, 
in the client's side, the entity authentication for the KDC is performed 

through the response Ek c ( rl,...) from the KDC. The KDC sends a message 

encrypted by the key k c which was agreed on with a lawful client so that the 
encrypted message has no meaning to other except the client who knows the 
key. Therefore, the entity authentication for the client is implicitly 
recognized. !n the step ©. the client transmits the Ticket to the server, 
and generates a certain random number v% for the purpose of key confirmation 
and then sends the Ek e (r 2 ). In the step ®. the server sends the Ek e (r 2 -1) to 
the client and ensure the client that it has the same key as that of the 
server and the server generates a certain random number r3 for the purpose of 
key confirmation and at the same time, sends the EkeC.rs) to the client. In 
the step <5>, the server, receiving the Ek s (R3-l), can be ensured that it 
shares the same session key as that of the client 


Kerberos PROTOCOL 

Kerberos is an entity authentication and session key distribution 
system developed as a part of Athena Project performed by M.LT university in 
U.S.A. and is based on a protocol suggested by Needham and Schroeder. Hie 
Kerberos is used for an entity authentication for the users of the 
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workstation which requires a service from various type of application servers 
under a client-server distribution environment. In the Kerberos, each of the 
client and various application servers does not maintain common secrete keys 
required for the entity authentication, but the ticket required for the 
entity authentication with a specific application server is given to the 
client and the service of the application server is provided to the client by 
sharing the key-encryption symmetric key with the centralized server. 

In the Kerberos model, there is a Kerberos server KS. which securely 
stores the symmetric key of all clients and the application servers. More 
particularly, the KS takes charge of a role for generating the session key 
newly required for every session between the client and the application 
server. 


3 



CO Ticket requested* [Client, Server* nance) 
& Ticket granted, t Sijfa* noncc% T„] 
<$> Service requested, [Aud^T^] 


[figure 5.13 : Kerberos entity authentication protocol] 


The client which requests the service from a specific application 
server first asks the Kerberos server KS a ticket, allowing the client to be 
served by the server in the step ®. Here, the "nonce" is used for preventing 
a replay attack, likewise a times tamp or a random number. In the step <2>, the 
Kerberos server KS recognizes the identity of the client and then encrypts 
the session key k s created by itself and the nonce sent from the client using 
the symmetric key k c of the client, acquired by searching the database and 
then sends it to the client together with the ticket T cv . Here, T C v=Ei<v(ks. 
Client, Validity) means that the session key K Sf ID Client of the client and 
Validity indicating the period of validity of the ticket has been encrypted 
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by the key-encryption symmetric key k v which was previously shared by the KS 
and the application server. The client can obtain the session key k s sent from 
the Kerberos server KS using the symmetric key k c of itself. Once the client 
obtains the ticket allowing it to be served by a specific application server, 
in the step ©. the client sends the authent icator Auth=Ek s (Cl ient , 
timestamp), which is its ID Client and the times tamp encrypted by the session 
key k Sl together with T cv to the application server Server. The application 
server Server decodes the ticket T cv by the symmetric key ic V which is shared 
with the Kerberos server KS to first verifies its effective period. Further, 
the entity authentication, confirming whether or not. the ID of the client 
inc hided therein is identical with the ID in the ticket, is performed by 
obtaining the session key k v included therein and decoding the authent icator 
Auth with the session key. The client can continuously use the ticket 
whenever it requests a service from the application server so long as the 
effective period of the ticket is not elapsed. 
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